DETAILED ACTION

1. This action is in reply to an amendment filed March 16, 2006. Claims 4, 8, 10 and
11 have been amended. Claims 1-12 are pending.

2. The Examiner withdraws the previous objection to claims 8 and 10, as the claims
have been corrected to overcome the objection.

3. The Examiner withdraws the 112 rejection of claim 4, as the claim has been
properly amended.

4. The examiner appreciates the Applicant pointing out the date discrepancy of
Allahwerdi and subsequently withdraws the rejections using this reference. However, 
new rejections have been made using new art. 

Response to Arguments 

5. Applicant's arguments with respect to claims 1-12 in regards to the withdrawn 
Allahwerdi reference have been considered but are moot in view of the new ground(s) 
of rejection. 

Claim Objections 

6. Claim 4 is objected to because of the following informalities: line 6 states "the 
server authentication data base (BDA) key" in view of the previous amendment, the 
word "key" should be omitted. Appropriate correction is required. 

Claim Rejections - 35 USC § 112 

7. Claim 1 recites the limitation "securing the access" in line 1. There is insufficient 
antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC § 103

8. Claims 1-5, 7, 9-12 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Ratayczak (US Patent 6259909), and further in view of Hodges (US Patent 
5420908). 

9. As per claim 1, Ratayczak discloses a process of securing the access to a data
processing server from a client site through at least a first communication network, this
server comprising means for handling a protocol of authenticating a client site user,
comprising a sequence of receiving and processing identification data of a client site
user, and a sequence of transmitting a message from the server site to a client site user
owned communication equipment through a second communication network (column 6
line 59 - column 7 line 23), characterized in that this transmitted message is a voice
message (column 7 lines 36-47 wherein using a telephone it is inherent that a voice
message is sent) providing to the aforesaid user means for generating an authentication
password intended to be transmitted to the aforesaid server site through either the first
or the second communication network, the call number of the aforesaid communication
equipment being searched from an authentication data base (column 4 lines 12-25
wherein the call number is inherently stored in the subscriber-related data).

Ratayczak does not disclose wherein the process provides to the user means for 
generating an authentication password. 

Hodges does disclose a process where the data processor provides the user 
means for generating an authentication password to be sent back to the processor in
column 3 lines 45-54.

Hodges is analogous art because it is directed to a method of authenticating a
user using a mobile telephone device using a challenge response protocol wherein the 
wireless device uses an encryption key to encrypt a challenge from the authenticator 
and the authenticator verifies and authenticates the response. 

It would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Ratayczak to include providing the user with a means for generating 
a password such as a key for use in a challenge response protocol. 

Motivation for one to modify Ratayczak as discussed above would have been to 
enhance the security of the authentication method by authorizing a user without having 
to send the actual password/key across the network as stated in Hodges and as is well 
known in the art. Challenge-response protocols are very prevalent and widely used in 
authentication networks to authenticate users. The wide use is attributed to the added 
security by never having to transmit the secret across the network and preventing replay 
attacks on an intercepted response. 

10. As per claim 2, Ratayczak discloses the securing process according to claim 1,
characterized in that it comprises steps of: 

Requesting identification data (ID, MPC) from the client site through the first 
communication network (column 6 lines 69-64); 

Processing the aforesaid data (ID, MPC) and searching an authentication 
database for a client user owned mobile communication equipment call number (this is 
inherent in column 7 lines 1-5 and 36-44 in that the server must know the call number of
the mobile device from the HLR described in column 4 lines 12-24);

Calling the aforesaid communication equipment through at least a second
communication network (column 7 lines 1-5 and 36-44); 

After establishing a communication with the aforesaid mobile communication 
equipment, generating a random or pseudo random password (MPA) (column 7 lines 
36-40); 

Sending a voice message comprising the aforesaid random password through 
the second communication network (column 7 lines 1-5); 

Requesting the user provide, from the client site through the first communication 
network an authentication password (7 lines 13-15) derived from the aforesaid random 
or pseudo random password; and 

Authenticating the aforesaid authentication password (column 7 lines 13-15). 

Ratayczak does not disclose wherein the password from the server is randomly 
generated or that the authentication password is derived from this random password. 

Hodges discloses a method wherein the authenticator generates a challenge that 
is used to derive the authenticated response. Hodges however does not disclose 
wherein the challenge is random. However, as is widely known and would be 
understood by one of ordinary skill in the art, random challenges are extremely common 
in challenge response protocols and would be an obvious feature in a challenge 
response authentication method. 

Obviousness and motivation to combine Hodges are mentioned in relation to 
claim 1, as the combination here is similar.

11. As per claim 3, Ratayczak discloses the process according to claim 2,
characterized in that the authentication password matches the server generated random
or pseudo random password transmitted through the mobile communication equipment 
(column 7 lines 1-13). 

12. As per claim 4, Hodges discloses in regards to claim 3, a process characterized 
in that the authentication password is built from the random or pseudo random 
password generated by the server and transmitted through the mobile communication 
equipment, applying a client user known key that is embodied within the server 
authentication data base, the authentication step comprising a step of converting the 
aforesaid authentication password into a random or pseudo random authentication 
password by applying the aforesaid key (column 5 lines 30-35 wherein the random
challenge is well known and practiced in the art as discussed above). 

Motivation and obviousness are the same as applied to claims 1 and 2 discussed
above.

13. As per claim 5, Ratayczak discloses the process according to claim 1,
characterized in that the identification data requested from the client consists of a
couple [identification code/client password] (column 6 lines 59-64).

14. As per claim 7, Ratayczak discloses the securing process according to claim 1,
characterized in that it comprises on the server side the steps of: 

Requesting identification data (ID, MPC) from the client site through the first 
communication network (column 6 lines 59-64); 

Processing the aforesaid data (ID, MPC) and searching an authentication
database for a client user owned mobile communication equipment call number (this is 
inherent in column 7 lines 1-5 and 36-44 in that the server must know the call number of 
the mobile device from the HLR described in column 4 lines 12-24); 

Calling the aforesaid communication equipment through at least a second 
communication network (column 7 lines 1-5 and 36-44); 

In case the communication is established with the aforesaid mobile 
communication equipment, send a voice message requesting the user to send an 
encryption key (Column 4 lines 55-62, wherein the codeword can be used as an 
encryption key as stated in column 7 lines 59-62) 

Receiving and recognizing the encryption key transmitted by the client by means 
of the mobile equipment keyboard (column 4 lines 59-65), 

But does not disclose deciphering by means of the aforesaid encryption key an 
authentication password transmitted by the client through the first communication 
network, this password resulting from the encryption of a client password performed at 
the client site by means of the encryption key; and authenticating the client password 
which results from the authentication password deciphering 

Hodges does disclose deciphering by means of the aforesaid encryption key an 
authentication password transmitted by the client through the first communication 
network, this password resulting from the encryption of a client password performed at 
the client site by means of the encryption key; and authenticating the client password 
which results from the authentication password deciphering (column 5 lines 30-35).

Application/Control Number: 10/009,840
Art Unit: 2132

Hodges is analogous art because it is directed to a method for authenticating a 
user in a challenge response authentication method. 

It would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Ratayczak to include using the requested and sent key at the server 
to encrypt the previously transmitted password/challenge to reveal a subsequent 
password/response. 

Motivation for one to modify Ratayczak as discussed above would have been to 
enable the transmission of a password without sending the secret data used for the 
authentication across the network as is discussed in the rejection to claims 1 and 2. 

15. Claim 9 is rejected because it discloses the same subject matter as claim 1.

16. Claim 10 is rejected because it discloses the same subject matter as claim 2.

17. Claim 11 is rejected because it discloses the same subject matter as claim 7.

18. Claim 12 is rejected in regards to claim 1 because it is directed to an application
for utilizing the process of claim 1.

19. Claims 6 and 8 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Ratayczak (US Patent 6259909), in view of Hodges (US Patent 5420908), and further in
view of Fielder (US Patent 5995624).

20. As per claim 6, Ratayczak and Hodges disclose the process according to claim 
1, but do not disclose wherein the process is characterized in that the step of requesting 
the authentication password from the user takes place during a predetermined time-out
delay beyond which authentication is denied.

Fielder does disclose wherein the process is characterized in that the step of
requesting the authentication password from the user takes place during a
predetermined time-out delay beyond which authentication is denied (column 8 lines
45-49).

Fielder is analogous art because it is directed towards authenticating a user from 
entry of a password. 

It would have been obvious for one of ordinary skill in the art to modify Ratayczak 
et al. to include a time out interval in which the authentication password needed to be 
entered. 

Motivation for one to modify Ratayczak as discussed above would have been to 
enhance the security of the process so as to prevent an attack that would use the time
delay to intercept the challenge/response or simply to free up processing capability from 
an authentication session that didn't complete in the necessary time frame. These 
motivation statements are well known in the art as commonly used in authentication 
protocols. 

21. As per claim 8, Ratayczak and Hodges disclose the process according to claim
7, but do not disclose wherein it is characterized in that the step of receiving the 
encryption [key] takes place during a predetermined time-out delay beyond which the 
authentication is denied. 

Fielder does disclose wherein receiving the encryption [key] takes place during a 
predetermined time-out delay beyond which the authentication is denied (column 8 lines 
45-49). 

Obviousness and motivation to combine are the same as presented in claim 6 above as
it is a similar limitation. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Bludau whose telephone number is
571-272-3722. The examiner can normally be reached on Monday-Friday 8:00-5:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for
published applications may be obtained from either Private PAIR or Public PAIR.
Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic
Business Center (EBC) at 866-217-9197 (toll-free).